AST
Definition
AST, or Application Security Testing, refers to the process of analyzing and testing software applications to identify security vulnerabilities and weaknesses. It encompasses various methodologies, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST), each focusing on different aspects of the application lifecycle to ensure comprehensive security coverage.
Secure Settings Example
# Example of a secure SAST configuration using a hypothetical tool
sast:
  enabled: true
  rules:
    - id: "no-hardcoded-secrets"
      severity: "high"
    - id: "sql-injection"
      severity: "critical"
  output:
    format: "json"
    destination: "/secure/reports/sast-results.json"
  fail_on_severity: "high"
Insecure Settings Example
# Example of an insecure SAST configuration
sast:
  enabled: false
  rules:
    - id: "no-hardcoded-secrets"
      severity: "low"
    - id: "sql-injection"
      severity: "medium"
  output:
    format: "text"
    destination: "/reports/sast-results.txt"
  fail_on_severity: "critical"
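Gate Behavior Example
The sketch below is an added example, not code from the hypothetical tool: it models how the two configurations above gate a build when a scan reports the same findings. The gate and audit functions, the dict layout, the sample findings and the "high" baseline (taken from the secure example) are assumptions made for illustration, and it covers only the enabled, severity and fail_on_severity settings.

```python
# Added illustration: models how the hypothetical SAST settings above gate a build.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# The page's two configurations, transcribed as dicts (hypothetical tool schema).
SECURE = {
    "enabled": True,
    "rules": {"no-hardcoded-secrets": "high", "sql-injection": "critical"},
    "fail_on_severity": "high",
}
INSECURE = {
    "enabled": False,
    "rules": {"no-hardcoded-secrets": "low", "sql-injection": "medium"},
    "fail_on_severity": "critical",
}

# Constructed sample findings: rule ids a scanner matched in a code base.
FINDINGS = ["sql-injection", "no-hardcoded-secrets"]


def gate(config, findings):
    """Return (build_passes, blocking_rule_ids) for a scan under `config`."""
    if not config["enabled"]:
        # The scanner never runs, so nothing can block the build.
        return True, []
    threshold = SEVERITY_RANK[config["fail_on_severity"]]
    blocking = [
        rule for rule in findings
        if SEVERITY_RANK[config["rules"].get(rule, "low")] >= threshold
    ]
    return not blocking, blocking


def audit(config):
    """List settings weaker than the assumed baseline (the secure example)."""
    issues = []
    if not config["enabled"]:
        issues.append("scanning disabled")
    if SEVERITY_RANK[config["fail_on_severity"]] > SEVERITY_RANK["high"]:
        issues.append("fail_on_severity above high")
    for rule, sev in config["rules"].items():
        if SEVERITY_RANK[sev] < SEVERITY_RANK["high"]:
            issues.append(f"{rule} rated {sev}")
    return issues


if __name__ == "__main__":
    for name, cfg in (("secure", SECURE), ("insecure", INSECURE)):
        print(name, gate(cfg, FINDINGS), audit(cfg))
```

Setting enabled to true in the insecure configuration is not enough: both rules are rated below the "critical" threshold, so the same findings still pass the gate.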